24.2.6 Release Notes | Cloud Security Documentation

Feb 06, 2024

InsightCloudSec is pleased to announce Release 24.2.6

InsightCloudSec Software Release Notice - 24.2.6 Release

Release Highlights (24.2.6)

InsightCloudSec is pleased to announce Release 24.2.6. This release includes an improved user experience for the Event-Driven Harvesting Events Summary and Data Collections pages as well as the ability to sort attack path groups by count. Additionally, we’ve updated four Insights and fixed five bugs.

ℹ️

Self-Hosted Deployment Updates (24.2.6)

There will be no 24.2.6 release availability for self-hosted customers due to a potential UI issue found during our internal validation. Release availability for self-hosted customers will resume Thursday, February 15, 2024. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal .

Features & Enhancements (24.2.6)

Added the ability to sort attack path groups by count. [ENG-34525]
Improved user experience when modifying Basic user role scopes. [ENG-34495]
Updated the user experience for the EDH Events Summary and Data Collections pages. [ENG-34283, ENG-34245]
Added the ability to export Related Resources as a CSV. [ENG-33726]

Resources (24.2.6)

AWS

Added Source Document support for CodeRepository resource (AWS CodeRepositoryHarvester). We have also introduced manual pagination to address the upper limit set by AWS and allow ICS to harvest all repositories. [ENG-27821]

Azure

Added source document support for Azure Virtual Network Gateways. [ENG-19164]

Insights (24.2.6)

AWS

The severity level of the following Insights was updated to Critical:
- Machine Learning Instance with Direct Internet Access Enabled
- Machine Learning Instance with Root Access Enabled (AWS)
- Access List Allows Public Access [ENG-34900]
The severity level of the following Insight was updated to High:
- Bedrock Linked to Bucket Without VPC Restricted Access [ENG-34900]

Bug Fixes (24.2.6)

Fixed missing permissions “ram:GetResourcePolicies” and “ram:ListPrincipals”, which are required for the AWS cloud account visibility checks. [ENG-34679]
Fixed a bug where Customer Insight Packs could be scoped to malformed badges, resulting in inconsistent results across different pages. [ENG-34387]
Removed an incorrect count from the Compliance Scorecard. [ENG-34060]
Fixed an error with Query Filter Database/Database Migration/Broker/Cache Database Cluster Without Minor Upgrades Enabled. We updated the AWS DatabaseInstances Harvester to default the value of auto_minor_upgrades to NULL for DocumentDB Database Instances as per the AWS Documentation. [ENG-33810]
Resolved package security vulnerabilities in accordance with our vulnerability resolution policy. [ENG-34732]

ℹ️

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

Read Only Policy

AWS

Commercial \t- Read Only Policy \t\t - Part 1 \t\t- Part 2 \t\t- Part 3 \t- Power User Policy
GovCloud \t- Read Only Policy \t\t- Part 1 \t\t- Part 2 \t\t- Part 3 \t- Power User Policy
China \t- Read Only Policy \t\t- Part 1 \t\t- Part 2 \t\t- Part 3

Azure

Commercial \t- Custom Reader User Role \t- Power User Role \t- Reader Plus User Role
GovCloud \t- Custom Reader User Role \t- Power User Role

GCP

For GCP, since permissions are tied to APIs, there is no policy file to maintain. Refer to our list of Recommended APIs , which is maintained as part of our GCP coverage.

Oracle Cloud Infrastructure

Host Vulnerability Management

AWS Host VM User Policy

For any questions or concerns, reach out to us through your CSM or the Customer Support Portal .